Vergleich admin/modules/user/admin_permissions.php - 1.8.2 - 1.8.38

Keine Änderungen Hinzugefügt Modifiziert Entfernt
Zeile 37	Zeile 37
); }	); }
$uid = $mybb->get_input('uid', 1);	$uid = $mybb->get_input('uid', MyBB::INPUT_INT);
$plugins->run_hooks("admin_user_admin_permissions_begin");	$plugins->run_hooks("admin_user_admin_permissions_begin");
Zeile 49	Zeile 49
admin_redirect("index.php?module=user-admin_permissions"); }	admin_redirect("index.php?module=user-admin_permissions"); }
if($mybb->input['no'])	if($mybb->get_input('no'))
{ admin_redirect("index.php?module=user-admin_permissions"); }	{ admin_redirect("index.php?module=user-admin_permissions"); }
Zeile 122	Zeile 122
{ foreach($mybb->input['permissions'] as $module => $actions) {	{ foreach($mybb->input['permissions'] as $module => $actions) {
$no_access = 0; foreach($actions as $action => $access)	if(is_array($actions))
{	{
if($access == 0)	$no_access = 0; foreach($actions as $action => $access)
{	{
++$no_access;	if($access == 0) { ++$no_access; } } // User can't access any actions in this module - just disallow it completely if($no_access == count($actions)) { unset($mybb->input['permissions'][$module]);
}	}
} // User can't access any actions in this module - just disallow it completely if($no_access == count($actions)) { unset($mybb->input['permissions'][$module]);
} } // Does an options row exist for this admin already?	} } // Does an options row exist for this admin already?
$query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='".$mybb->get_input('uid', 1)."'");	$query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
$existing_options = $db->fetch_field($query, "existing_options"); if($existing_options > 0) {	$existing_options = $db->fetch_field($query, "existing_options"); if($existing_options > 0) {
$db->update_query("adminoptions", array('permissions' => $db->escape_string(serialize($mybb->input['permissions']))), "uid = '".$mybb->get_input('uid', 1)."'");	$db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($mybb->input['permissions']))), "uid = '".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
} else { $insert_array = array(	} else { $insert_array = array(
"uid" => $mybb->get_input('uid', 1), "permissions" => $db->escape_string(serialize($mybb->input['permissions'])),	"uid" => $mybb->get_input('uid', MyBB::INPUT_INT), "permissions" => $db->escape_string(my_serialize($mybb->input['permissions'])),
"notes" => '', "defaultviews" => '' );	"notes" => '', "defaultviews" => '' );
Zeile 210	Zeile 213
$admin = $db->fetch_array($query); $permission_data = get_admin_permissions($uid, $admin['gid']);	$admin = $db->fetch_array($query); $permission_data = get_admin_permissions($uid, $admin['gid']);
$title = $admin['username'];	$title = htmlspecialchars_uni($admin['username']);
$page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions"); } elseif($uid < 0)	$page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions"); } elseif($uid < 0)
{	{
$gid = abs($uid); $query = $db->simple_select("usergroups", "title", "gid='$gid'"); $group = $db->fetch_array($query);	$gid = abs($uid); $query = $db->simple_select("usergroups", "title", "gid='$gid'"); $group = $db->fetch_array($query);
Zeile 294	Zeile 297
$form_container = new FormContainer("{$module['name']}"); foreach($module['permissions'] as $action => $title) {	$form_container = new FormContainer("{$module['name']}"); foreach($module['permissions'] as $action => $title) {
	if(!isset($permission_data[$key][$action])) { $permission_data[$key][$action] = 0; }
$form_container->output_row($title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', (int)$permission_data[$key][$action], array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']'); } $form_container->end(); echo "</div>\n"; }	$form_container->output_row($title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', (int)$permission_data[$key][$action], array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']'); } $form_container->end(); echo "</div>\n"; }

$buttons[] = $form->generate_submit_button($lang->update_permissions); $form->output_submit_wrapper($buttons); $form->end();	$buttons[] = $form->generate_submit_button($lang->update_permissions); $form->output_submit_wrapper($buttons); $form->end();
Zeile 318	Zeile 326
$table = new Table; $table->construct_header($lang->group);	$table = new Table; $table->construct_header($lang->group);
$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150)); // Get usergroups with ACP access $query = $db->query(" SELECT g.title, g.cancp, a.permissions, g.gid FROM ".TABLE_PREFIX."usergroups g LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid) WHERE g.cancp = 1 ORDER BY g.title ASC ");	$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150)); // Get usergroups with ACP access $query = $db->query(" SELECT g.title, g.cancp, a.permissions, g.gid FROM ".TABLE_PREFIX."usergroups g LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid) WHERE g.cancp = 1 ORDER BY g.title ASC ");
while($group = $db->fetch_array($query)) { if($group['permissions'] != "")	while($group = $db->fetch_array($query)) { if($group['permissions'] != "")
{	{
$perm_type = "group"; } else	$perm_type = "group"; } else
Zeile 339	Zeile 347
$perm_type = "default"; } $uid = -$group['gid'];	$perm_type = "default"; } $uid = -$group['gid'];
	$group['title'] = htmlspecialchars_uni($group['title']);
$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$uid}\" title=\"{$lang->edit_group}\">{$group['title']}</a></strong><br /></div>"); if($group['permissions'] != "")	$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$uid}\" title=\"{$lang->edit_group}\">{$group['title']}</a></strong><br /></div>"); if($group['permissions'] != "")
Zeile 347	Zeile 358
$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$uid}"); // Check permissions for Revoke	$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$uid}"); // Check permissions for Revoke
$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$uid}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, 'Are you sure you wish to revoke this group\'s permissions?')");	$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$uid}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '$lang->confirm_perms_deletion3')");
$table->construct_cell($popup->fetch(), array("class" => "align_center")); } else	$table->construct_cell($popup->fetch(), array("class" => "align_center")); } else
Zeile 398	Zeile 409
$usergroups[$usergroup['gid']] = $usergroup; }	$usergroups[$usergroup['gid']] = $usergroup; }
// Get users whose primary or secondary usergroup has ACP access $comma = $primary_group_list = $secondary_group_list = ''; foreach($usergroups as $gid => $group_info)	if(!empty($usergroups))
{	{
$primary_group_list .= $comma.$gid; switch($db->type) { case "pgsql": case "sqlite": $secondary_group_list .= " OR ','\|\| u.additionalgroups\|\|',' LIKE '%,{$gid},%'"; break; default: $secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'"; } $comma = ','; } $group_list = implode(',', array_keys($usergroups)); $secondary_groups = ','.$group_list.','; // Get usergroups with ACP access $query = $db->query(" SELECT g.title, g.cancp, a.permissions, g.gid FROM ".TABLE_PREFIX."usergroups g LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid) WHERE g.cancp = 1 ORDER BY g.title ASC "); while($group = $db->fetch_array($query)) { $group_permissions[$group['gid']] = $group['permissions']; } $query = $db->query(" SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions FROM ".TABLE_PREFIX."users u LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid) WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list} ORDER BY u.username ASC "); while($admin = $db->fetch_array($query)) { if($admin['permissions'] != "") { $perm_type = "user"; } else	// Get users whose primary or secondary usergroup has ACP access $comma = $primary_group_list = $secondary_group_list = ''; foreach($usergroups as $gid => $group_info)
{	{
$groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']); foreach($groups as $group)	$primary_group_list .= $comma.$gid; switch($db->type)
{	{
if($group == "") continue; if($group_permissions[$group] != "") { $perm_type = "group";	case "pgsql": case "sqlite": $secondary_group_list .= " OR ','\|\| u.additionalgroups\|\|',' LIKE '%,{$gid},%'";
break;	break;
} } if(!$group_permissions) { $perm_type = "default"; }	default: $secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'"; } $comma = ','; } $group_list = implode(',', array_keys($usergroups)); $secondary_groups = ','.$group_list.','; // Get usergroups with ACP access $query = $db->query(" SELECT g.title, g.cancp, a.permissions, g.gid FROM ".TABLE_PREFIX."usergroups g LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid) WHERE g.cancp = 1 ORDER BY g.title ASC "); while($group = $db->fetch_array($query)) { $group_permissions[$group['gid']] = $group['permissions'];
}	}
$usergroup_list = array();	$query = $db->query(" SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions FROM ".TABLE_PREFIX."users u LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid) WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list} ORDER BY u.username ASC "); while($admin = $db->fetch_array($query)) { $perm_type = "default"; if($admin['permissions'] != "") { $perm_type = "user"; } else { $groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']); foreach($groups as $group) { if($group == "") continue; if($group_permissions[$group] != "") { $perm_type = "group"; break; } } } $usergroup_list = array(); // Build a list of group memberships that have access to the Admin CP // Primary usergroup? if(!empty($usergroups[$admin['usergroup']]) && $usergroups[$admin['usergroup']]['cancp'] == 1) { $usergroup_list[] = "<i>".htmlspecialchars_uni($usergroups[$admin['usergroup']]['title'])."</i>"; } // Secondary usergroups? $additional_groups = explode(',', $admin['additionalgroups']); if(is_array($additional_groups)) { foreach($additional_groups as $gid) { if(!empty($usergroups[$gid]) && $usergroups[$gid]['cancp'] == 1) { $usergroup_list[] = htmlspecialchars_uni($usergroups[$gid]['title']); } } } $usergroup_list = implode($lang->comma, $usergroup_list); $username = htmlspecialchars_uni($admin['username']); $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}\" title=\"{$lang->edit_user}\">{$username}</a></strong><br /><small>{$usergroup_list}</small></div>"); $table->construct_cell(my_date('relative', $admin['lastactive']), array("class" => "align_center"));

// Build a list of group memberships that have access to the Admin CP // Primary usergroup? if($usergroups[$admin['usergroup']]['cancp'] == 1) { $usergroup_list[] = "<i>".$usergroups[$admin['usergroup']]['title']."</i>"; } // Secondary usergroups? $additional_groups = explode(',', $admin['additionalgroups']); if(is_array($additional_groups)) { foreach($additional_groups as $gid)	$popup = new PopupMenu("adminperm_{$admin['uid']}", $lang->options); if(!is_super_admin($admin['uid']))
{	{
if($usergroups[$gid]['cancp'] == 1)	if($admin['permissions'] != "")
{	{
$usergroup_list[] = $usergroups[$gid]['title'];	$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}"); $popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$admin['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')"); } else { $popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}");
} }	} }
	$popup->add_item($lang->view_log, "index.php?module=tools-adminlog&uid={$admin['uid']}"); $table->construct_cell($popup->fetch(), array("class" => "align_center")); $table->construct_row();
}	}
$usergroup_list = implode(", ", $usergroup_list); $table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->perms_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}\" title=\"{$lang->edit_user}\">{$admin['username']}</a></strong><br /><small>{$usergroup_list}</small></div>"); $table->construct_cell(my_date('relative', $admin['lastactive']), array("class" => "align_center")); $popup = new PopupMenu("adminperm_{$admin['uid']}", $lang->options); if(!is_super_admin($admin['uid'])) { if($admin['permissions'] != "") { $popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}"); $popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$admin['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')"); } else { $popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}"); } } $popup->add_item($lang->view_log, "index.php?module=tools-adminlog&uid={$admin['uid']}"); $table->construct_cell($popup->fetch(), array("class" => "align_center")); $table->construct_row();
}	}
if($table->num_rows() == 0)	if(empty($usergroups) \|\| $table->num_rows() == 0)
{ $table->construct_cell($lang->no_user_perms, array("colspan" => "3")); $table->construct_row();	{ $table->construct_cell($lang->no_user_perms, array("colspan" => "3")); $table->construct_row();